Network Access Protection - defending yourself against you users!

We were recently doing some research with students, and found that most of them are arriving at university with their own laptops and computers. Once there, they seem to have two modes of using them.

Once method is to leave them in their room, and carry all of their data around on memory keys, which they happily plug into your machines in the labs/libraries etc. At least your anti-virus should keep nasties out from them.

The other method is to use their laptops connected to the university network. Although this is less common, it is an increasing practice, and unless you've got your network tied down pretty tightly, it's likely to be happening on your campus too!

With Vista, and the future Windows Server 2008, this is greatly strengthened further by enhanced NAP (Network Access Protection) which gives you much stronger perimeter protection for your network, and allows you to have much more control over the state of devices being connected to your network (eg do they have up-to-date anti-virus; have they applied all relevant Windows Updates).

In the US, Louisiana State University (LSU) were on the Technology Adoption Programme (TAP), which gave them early access to some of the developments in the recent past. LSU are like a number of UK universities - 25,000 active network noeds, and a diverse set of users and use cases. They have shared their experiences in a web cast, where they talk about their overall architecture, their deployment process and the best practice that they developed.